cleantalk
Vulnerabilities and Security Researches

Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management, f426ca5630acbdf6b437c2bb8a97e339b1eaf797

Published on
-
Research Description
Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management [simple-urls] <= 117 (unfixed)
Simple URLs <= 117 - Cross-Site Request Forgery via AJAX actions
The Simple URLs plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on its AJAX handler functions in versions up to, and including, 117. This makes it possible for unauthenticated attackers to invoke those functions and change plugin behavior and settings provided they can trick an administrator into performing an action such as clicking on a link.
Affected versions
max 117.
Status
vulnerable
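
The missing check named in the Research Description, shown as an added example (not code from the Simple URLs plugin or from this advisory): a WordPress AJAX handler without a nonce check beside a hardened version. The action names, option name, nonce action and script handle are hypothetical and chosen only for illustration.

```php
<?php
// Added illustration. Every "example_*" name below is hypothetical and is
// not taken from the Simple URLs plugin.

// Before: no nonce check. The browser attaches the administrator's session
// cookie to any request for admin-ajax.php, so the handler cannot tell a
// request made by the plugin's own admin page from one forged by another site.
add_action( 'wp_ajax_example_save_setting_unsafe', 'example_save_setting_unsafe' );
function example_save_setting_unsafe() {
    $value = sanitize_text_field( wp_unslash( $_POST['value'] ?? '' ) );
    update_option( 'example_setting', $value );
    wp_send_json_success();
}

// After: capability check plus nonce verification before any state change.
add_action( 'wp_ajax_example_save_setting', 'example_save_setting' );
function example_save_setting() {
    // Authorization: a nonce is not an access-control check on its own.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }
    // CSRF: the request must carry a nonce minted for this action and user.
    // Passing false as the third argument returns the result instead of dying,
    // so the handler controls the error response.
    if ( ! check_ajax_referer( 'example_save_setting', 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid nonce' ), 403 );
    }
    if ( ! isset( $_POST['value'] ) ) {
        wp_send_json_error( array( 'message' => 'Missing value' ), 400 );
    }
    $value = sanitize_text_field( wp_unslash( $_POST['value'] ) );
    update_option( 'example_setting', $value );
    wp_send_json_success();
}

// The admin page hands the nonce to its own script, which sends it back as
// the "nonce" POST field. Assumes a script with the hypothetical handle
// "example-admin" has already been enqueued on that page.
add_action( 'admin_enqueue_scripts', function () {
    wp_localize_script( 'example-admin', 'exampleAjax', array(
        'url'   => admin_url( 'admin-ajax.php' ),
        'nonce' => wp_create_nonce( 'example_save_setting' ),
    ) );
} );
```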